In CentOS 7 some security changes were made to the HTML folder and Apache / Root. It is causing issues with the installation of some shopping carts, Joomla and Vanilla. They require certain folders and config.php files be writable in order to function.
With the new security lockdown in CentOS 7, the HTML directory and files are owned by root, but ran under user Apache. When you install for example Squirrelcart, it needs two directories and the config.php file to be writable and set to 0777. I can change them to 0777 making them writable to the world, the problem is that PHP is being run under Apache, and although the directory should be writable, it can't be written to by PHP.
Can someone one detail the best and or simplest way to allow these files to be written to by PHP?
I have PHP scripts that show the files as -rwxrwxrwx, but the script that checks for to see if the file is writable, shows it is not writable. With all the web searches I've hit a wall, I've tried the open_basedir command. Not sure if that is going in the right direction, or if I'm applying it correctly. I need some help and guidance.
Installing shopping carts, Joomla, Vanilla Making Writable
- johnplemons
- Posts: 4
- Joined: 2014/08/06 15:08:32
- Location: Athens Tennessee
- Contact:
Re: Installing shopping carts, Joomla, Vanilla Making Writab
I think your diagnosis of the problem is incorrect since CentOS has always shipped /var/www/html owned root:root.
I suspect that it's more likely that selinux is forbidding any writes to the directory - as indeed it should.
I suspect that it's more likely that selinux is forbidding any writes to the directory - as indeed it should.
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
- johnplemons
- Posts: 4
- Joined: 2014/08/06 15:08:32
- Location: Athens Tennessee
- Contact:
Re: Installing shopping carts, Joomla, Vanilla Making Writab
That was it, I changed the setting to setenforce Permissive
The install script sprang to life and it looks like the cart will install, it passed the permissions check.
What is the best method of locking down Selinux while keeping my shopping cart writable?
Thank you by the way for the quick and accurate answer.
john
The install script sprang to life and it looks like the cart will install, it passed the permissions check.
What is the best method of locking down Selinux while keeping my shopping cart writable?
Thank you by the way for the quick and accurate answer.
john
Re: Installing shopping carts, Joomla, Vanilla Making Writab
One possible idea is that it really should only require write access to the config file during the installation - so setting it permissive while you install and then back to enforcing once installed would stop Mr J. Random Hacker from rewriting the config file once the install was complete. Another possible thing I can think of that may or may not work is to replace the config.php file with a symlink to somewhere that it is allowed to write and then amending the file permissions there to stop overwriting once the installation is finished. That may not work since some things break symlinks on update.
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
Re: Installing shopping carts, Joomla, Vanilla Making Writab
Instead of setting everything to permissive mode, how about correct the problem at the file level
viewtopic.php?f=48&t=47146
viewtopic.php?f=48&t=47146
Re: Installing shopping carts, Joomla, Vanilla Making Writab
This particular instance is probably a good candidate for using permissive mode since the *install* requires write access to the file but once the install is over, you don't want random people making changes to the file so writes should be denied.
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
Re: Installing shopping carts, Joomla, Vanilla Making Writab
Doesn't the OP want the cart to be writeable after getting it working? If not then setting SELinux back to block the writes is probably a quicker way to handle it.
I still find it odd that CentOS 6.5 defaulted to permissive and 7 defaults to locked down. Not that I have a great handle on SELinux policies, but it was a surprise when I found how to check this and ran it against both versions to see the contrast. Recently bought a eBook from packt publishing on SELinux, hope it was worth the $10usd I paid once I get to start on it.
http://www.packtpub.com/networking-and- ... nistration
Once you buy something from them direct or sign up for their daily deals, you get a lot of offers for 50 percent off, and that was a choice about a week ago. Yesterday was a book for wireshark which will hopefully explain some of the mysteries to me.
Bought a really good beginner's Joomla 3 book that I've been chewing through for work which started the whole daily deal thing. They've treated me very well when the second edition of the book came out a couple weeks ago, letting me upgrade at nearly cost for the printed version, so I can't complain about them. If you are an author they can apparently be a little aggressive trying to get you to publish through them, but as a consumer they seem to be pretty good so far. Bit off topic, but it explains the process, back to topic.
I still find it odd that CentOS 6.5 defaulted to permissive and 7 defaults to locked down. Not that I have a great handle on SELinux policies, but it was a surprise when I found how to check this and ran it against both versions to see the contrast. Recently bought a eBook from packt publishing on SELinux, hope it was worth the $10usd I paid once I get to start on it.
http://www.packtpub.com/networking-and- ... nistration
Once you buy something from them direct or sign up for their daily deals, you get a lot of offers for 50 percent off, and that was a choice about a week ago. Yesterday was a book for wireshark which will hopefully explain some of the mysteries to me.
Bought a really good beginner's Joomla 3 book that I've been chewing through for work which started the whole daily deal thing. They've treated me very well when the second edition of the book came out a couple weeks ago, letting me upgrade at nearly cost for the printed version, so I can't complain about them. If you are an author they can apparently be a little aggressive trying to get you to publish through them, but as a consumer they seem to be pretty good so far. Bit off topic, but it explains the process, back to topic.